Archive for June, 2015

IpTL Provides Security Against LogJam Attack

Posted by productmarketing

You may have read or heard about recent concerns over various encryption and "secure" VPN methodologies, including the so-called "LogJam Attack". This attack interferes with the selection of the encryption used on a link, forcing the link down to a weak level that is crackable.

The real problem is with poorly configured HTTPS and SSL VPNs that are trying to support legacy applications. IpTL has always had security at the forefront of our connectivity, and as such we are not vulnerable to this attack.

Here are some key points which are standard in any IpTL solution:

IpTL secure links do not use SSL or HTTPS. We are built on TLSv1.2 and use AES 256 encryption by default.

There are no weak export ciphers in our system.

We use 2,048-bit RSA asymmetric keys.

IpTL is a closed, symmetric system: our appliances or virtual machines are on both ends of the link, and it is not a point-security solution.

Thus, we can guarantee AES 256 encryption on your data, and no one can force a downgrade to another encryption level which can be broken. If the cipher spec is altered, then no connection will take place and no data is leaked.

With our Tunnel Authentication passphrase you can input a 64-character passcode which locks even the initial TLS communications between the endpoints. Note: this is not the encryption pre-shared key (we don't offer pre-shared keys!).

When using this feature, only the appliances sharing the same passphrase can communicate. Any other connection attempts are ignored: you can't even get the server to respond to a non-authorized connection in order to attempt a downgrade. This is above and beyond our standard ephemeral key exchanges and HMACs of TLS!
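
A minimal sketch of how a passphrase gate in front of the TLS handshake, like the one described above, can silently drop unauthorized or altered packets. It is an added illustration, not IpTL's code: the page does not document the actual mechanism, so the HMAC-SHA256 tag, PBKDF2 key derivation, packet layout, replay counter and all names here are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
HDR_LEN = 8   # big-endian packet counter

def derive_gate_key(passphrase: str, salt: bytes = b"constructed-demo-salt") -> bytes:
    """Stretch the shared passphrase into a MAC key (PBKDF2 is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def seal(key: bytes, counter: int, handshake: bytes) -> bytes:
    """Sender side. Constructed wire format: counter || tag || handshake bytes."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + handshake, hashlib.sha256).digest()
    return header + tag + handshake

class Gate:
    """Receiver side: admit() returns the handshake bytes, or None to drop silently."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seen = -1

    def admit(self, packet: bytes):
        if len(packet) < HDR_LEN + TAG_LEN:
            return None  # too short to carry a tag: ignore, send nothing back
        header = packet[:HDR_LEN]
        tag = packet[HDR_LEN:HDR_LEN + TAG_LEN]
        body = packet[HDR_LEN + TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Constant-time comparison; a mismatch means wrong passphrase or altered bytes.
        if not hmac.compare_digest(tag, expected):
            return None
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.highest_seen:
            return None  # replay of an already accepted packet
        self.highest_seen = counter
        return body  # only now is the packet handed to the TLS stack

if __name__ == "__main__":
    key = derive_gate_key("A" * 64)  # constructed 64-character passphrase
    gate = Gate(key)
    hello = b"constructed ClientHello bytes"
    print(gate.admit(seal(key, 1, hello)))                         # accepted
    print(gate.admit(seal(derive_gate_key("B" * 64), 2, hello)))   # None: dropped
```

Because the tag covers the whole first packet, an on-path change to the offered cipher list fails the check before the TLS stack sees it, and the receiver never answers.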